Permalink
Browse files

fixed minor problem with being able to get caller function

  • Loading branch information...
1 parent aac25f0 commit 463a0879377676b363ef36d2c463e4cfee21acef @matthewfl committed Sep 25, 2011
Showing with 14 additions and 2 deletions.
  1. +12 −0 sandbox/boxed.js
  2. +2 −2 sandbox/index.js
View
@@ -3,6 +3,17 @@ exports={},
__dirname="./",
__filename="main.js";
+__server_function = function () {throw "server not implemented";};
+__server = function (s) { __server_function=s; };
+___server(function (req, res) {
+ function a () {
+ try {
+ __server_function(req, res);
+ }catch(e) {} // make this report the error
+ }
+ setTimeout(a, 0);
@wh0

wh0 Oct 4, 2011

Won't this break request.on('data', ...) and request.on('end', ...) for really short requests?

@matthewfl

matthewfl Oct 4, 2011

Owner

Um, I believe that node will buffer the data to some extend, and that there is still some time that headers are coming in. This is an interesting point though. The thing about setTimeout(a,0) is that is basically executed in a very short order (I believe in under a ms in v8, but I am not 100% sure).
If I had used setTimeout(a, 1) I would agree with you

@matthewfl

matthewfl Oct 8, 2011

Owner

ok point taken, this fix introduces a number of new issues (but not security related).
I will have to think something else up, unless you have any ideas to deal with this.

@wh0

wh0 Oct 10, 2011

no recommendations, sorry

@wh0

wh0 Jan 25, 2012

Maybe it would help to pause req after line 13 and resume it after line 9 or line 10.
edit: nvm, no it wouldn't

In other news, the documentation recommends process.nextTick(a) over setTimeout(a, 0).

@matthewfl

matthewfl Feb 7, 2012

Owner

Process next tick has the same problem as setTimeout is trying to fix. The reason for using setTimeout is that the callback is called from C++ code which can not be overwritten. I am thinking that a simple C++ module might fix this issue by simply calling back into a function and preventing the system from figuring out who the parent caller is.

https://github.com/joyent/node/blob/master/src/node.js#L192

+});
+
(function () {
// this code runs with the client code
@@ -30,3 +41,4 @@ __filename="main.js";
global.Buffer = require('buffer').Buffer;
})();
+
View
@@ -9,12 +9,12 @@ function nothing() {}
function SandBox (code, config) {
var self = this;
self.config = config;
- self.raw_server = function () {throw "server not implemented";};
+ self.raw_server = null;//function () {throw "server not implemented";};
self.count=100000;
self.last_count_time = Date.now();
self.error = false;
this.context={
- __server: function (fun) { self.raw_server=fun || function () {throw "server not implemented";};},
+ ___server: function (fun) { if(self.raw_server === null) self.raw_server=fun; },
__get_code: function (name) {
if(modules[name]) {
if(typeof modules[name] == "string")

0 comments on commit 463a087

Please sign in to comment.